Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-16910 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2026-02-23 | 4.3 MEDIUM | 6.2 MEDIUM |
|
<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p>
<p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p>
<p>The security update addresses the vulnerability by correcting security feature behav ...
Show More |
|||||
| CVE-2024-9333 | 2026-02-23 | N/A | N/A | ||
|
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation
|
|||||
| CVE-2023-6239 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 5.4 MEDIUM |
|
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.
|
|||||
| CVE-2025-69875 | 1 Quickheal | 1 Total Security | 2026-02-11 | N/A | 7.8 HIGH |
|
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation.
|
|||||
| CVE-2025-9615 | 2026-01-27 | N/A | 3.3 LOW | ||
|
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.
|
|||||
| CVE-2025-43026 | 1 Hp | 1 Support Assistant | 2026-01-13 | N/A | 7.8 HIGH |
|
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
|
|||||
| CVE-2024-32020 | 2 Fedoraproject, Git-scm | 2 Fedora, Git | 2026-01-06 | N/A | 3.9 LOW |
|
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repositor ...
Show More |
|||||
| CVE-2024-12125 | 2025-11-14 | N/A | 7.5 HIGH | ||
|
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information.
|
|||||
| CVE-2025-37735 | 2025-11-06 | N/A | 7.0 HIGH | ||
|
Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.
|
|||||
| CVE-2025-34298 | 1 Nagios | 1 Log Server | 2025-11-06 | N/A | 8.8 HIGH |
|
Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.
|
|||||
| CVE-2023-42867 | 1 Apple | 1 Garageband | 2025-11-04 | N/A | 7.8 HIGH |
|
This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.
|
|||||
| CVE-2024-40828 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
|
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges.
|
|||||
| CVE-2024-40824 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed through improved state management. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.
|
|||||
| CVE-2024-40821 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.1 HIGH |
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions.
|
|||||
| CVE-2024-40811 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to modify protected parts of the file system.
|
|||||
| CVE-2024-40805 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 7.1 HIGH |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.
|
|||||
| CVE-2024-40800 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.
|
|||||
| CVE-2024-44188 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
|
|||||
| CVE-2024-44149 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.5 HIGH |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
|
|||||
| CVE-2024-40859 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
|
|||||
| CVE-2024-40831 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.
|
|||||
| CVE-2024-40770 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.5 HIGH |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.
|
|||||
| CVE-2024-33892 | 1 Hms-networks | 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more | 2025-11-04 | N/A | 7.5 HIGH |
|
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3
|
|||||
| CVE-2024-27858 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
|
|||||
| CVE-2024-27795 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.5 HIGH |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.
|
|||||
| CVE-2024-54515 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges.
|
|||||
| CVE-2024-54513 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-03 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data.
|
|||||
| CVE-2024-54484 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 5.5 MEDIUM |
|
The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.
|
|||||
| CVE-2024-54465 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 9.8 CRITICAL |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges.
|
|||||
| CVE-2025-31184 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-03 | N/A | 7.8 HIGH |
|
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.
|
|||||
| CVE-2025-30456 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
|
|||||
| CVE-2025-30449 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
|
|||||
| CVE-2024-44223 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 4.6 MEDIUM |
|
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window.
|
|||||
| CVE-2024-44211 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.
|
|||||
| CVE-2024-22114 | 1 Zabbix | 1 Zabbix | 2025-11-03 | N/A | 4.3 MEDIUM |
|
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.
|
|||||
| CVE-2024-10458 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-11-03 | N/A | 7.5 HIGH |
|
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
|
|||||
| CVE-2025-24087 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 5.5 MEDIUM |
|
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data.
|
|||||
| CVE-2025-32696 | 2025-11-03 | N/A | N/A | ||
|
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php.
This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.
|
|||||
| CVE-2023-32199 | 2025-10-30 | N/A | 4.3 MEDIUM | ||
|
A vulnerability has been identified within Rancher
Manager, where after removing a custom GlobalRole that gives
administrative access or the corresponding binding, the user still
retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
|
|||||
| CVE-2017-8543 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
|
Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
|
|||||